Community

This is all rather 'non-news'.

1. Of course e-commerce fraud will rise. It is rising everywhere as e-commerce and m-commerce get used more.

2. Naturally, if you stop fraudsters using cards at the point of sale with EMV, they will move to CNP.

3. If you do not put in protections in your CNP channel, fraud will rise.

The news here is really:

a) USA fails to adopt (or plan for) protections in the e-commerce channel.

b) The late adoption of EMV in the USA, has caused a lot more data compromises for longer in this market. 

c) EMV adoption is starting to see fraudsters detered from CO fraud opportunities already as they move to other softer targets.

@Ralf - I think you may have posted this in the wrong place - as this is not the issue here; or at least I can see no linkage that you have made clear. This issue is about the PSD2 additional-identification requirements: which no-one has quite understood what in practice is required: and is becoming clearer. 

It has nothing to do with direc/indirect access or the 'so called rails' that you refer to, not API issues. You clearly have a 'cause' that you want to expand upon: but here (on this issue) it is irrelevent.

Mmmm - we are rather digressing here! Entertaining though.

Why on earth would we want the running shoes to be in control? The logic would be that the shoes would talk to the fitness APP. The fitness APP would then be the more appropriate 'controller' to start the thinking about the buying and to make it an 'experience' as shown above. The shoes would have only a 'single-mindedness' that very few people would welcome if they did have the time to programme them to do so. The APP however could also assess whether we need socks, find the nearest shop, drink, food, medical attention(!) etc. I can't see anyone putting the shoes in command. Agree with above writers (hello James), that the example borders on crass - and certainly does not sell the concept very well. In the usual example it always confuses me as to how fridges know what to buy?

@MelvinH - That shouldn't be anything to do with Visa, but entirely due to your bank (i.e. the bank that issues you with the card). Visa is simply the 'road' - whereas you seem to have a problem with the car'. Moreso, I struggle to relate your challenge to the Finextra article.

The article says it all in a strange way. But to summarise here:

- Nick Leeson lied and cheated his employer Barings Bank in order to be paid millions in bonuses for his successful trading.

- His successfull trading was actually loss making in the 100s millions, that cause a bank that was one of the oldest in London to fail and close and be disgraced.

- He went to jail for his crimes; and part of his defense was that he did not know anything about what he was doing.

He has now decided, with that history and no qualifications or history in this area to become a consultant and with that to go into other organisations to 'help' them in some way. Really? 

The best way to deal with challenges in organisations is to get people who understand the problems, and can help address them. Of course, we must accept that people do rehabilitate, but we still have to apply some common-sense to the rehabilitation process.

BTW - I have some well-trained foxes for sale - that are ideal for guarding chickens. Contact me for more details.

@Ketharaman - I am not sure which way you are arguing; but what I think you are saying is that for the list of reasons that you have given, EMV seems to be something that will not work for the USA.

This is however really weird, as these are all very strong benefits of EMV for the USA that will all make the solution a big market - saver for US. They are also reasons (Myths) that are propogated in the US without and substance or evidenced.

For instance, in an EMV environment the friction is much improved - and especially so if the retailer community insists on a proper CVM and demands that the card industry removes the responsibility of being the card industry fraud policemen and make sure that the terminal does ALL the checking of the customer for them.

Too little detail here to work out how and what will be happenning and whether this will work or not. Given that it is Chase, we woudl hope that they have addressed: Using a secure CVM, tokenisation, 'secure enclave' type technology, garantees for payment, NFC / EMV integration and merchant reconciliation etc. But we will have to see.

On the worrying side, the article is accompanied by a QR code picture and description, which is rather worrying as this is a very physical and insecure technology; and relies upon people to take pictures at the point of sale, aswell as producing QR codes. This all makes for a lot of worrying 'payments friction' for customer and merchants alike. Accordingly, I/we wonder whether Chase will make no/minimum efforts in adapting or replacing their terminals and rely upon major changes to the IT and processes at the merchants to set up a (ephemeral) QR code printing system.

We will see......... 

@ Matt - you could have given some specifics - but I guess, with something so wrong, so inacurate and ill-informed, it is difficult to know where to start; and I am beginning to regret diving in at all.

@ Anonymous 16-00 - I know the cases well. And I am not going to start teaching everyine here the detail - and start compromising the industry further. However, I woudl say that the French case:

- Proved nothing - and especially not the Cambridge case

- It was a spoofing solution that was (seemingly) very hard to do, whereas it was not necessary - and would work on any card with or without a chip - so why bother

- There are much easier ways to defraud

- These folk got caught and sent away - as this is easy to find.

- There were only attempted frauds, and the losses to the banks would have been £0

- The fraud will have been found very early on (or should have been - if the banks were doing things properly and had the righ parameters set),

The real problems here were associated with bigger / easier breakdowns and not the CHIP issue - but as an industry representative, I am happy to let people think whatever they like. People in the industry know that it is all nonsense.

Again, quoting a fraud that nearly happenned in a waythat was stoppable, understood, known about, with no actual real loss (in spite of what was reported), and wrongly attributed to a technology that works in $billions transactions every day; and without real details (only journalistic innacuracy and theoretical extropolation), on a different topic to the one that the article is showing, .... and anonymously; does not take anything forward - so I am signing-off here!

The team in Cambridge discovered nothing of any value, nothing that has been reproduced or caused any real risk with the payments systems or to EMV. This Cambridge research gets unloaded often, so causes me to regularly read it 'for a laugh', albeit it is actually too dry to get interest in, except to see how it is a set of theoretical theories that woudl NEVER happen in reality and cannot ever be applied to the real world; and even if it could, the measures that everyone has would stop any exposures.

Rather than having a quick look at a theoretical laboratory Cambridge research, it is probably better to see the millions of transactions being undertaken by EMV every second around the world. Practical, real and happenning. World 1,000,0000,000 actual goals: Cambridge : 0 real goes, jut a theoretical one. 

Get in touch with me if you would like help understanding the Cambridge issues; but of course please do read them, and note who sponsored the research and why too!

@Ketharaman - you will see that EMV is of great value in the USA and saves $billions/millions, makes people more secure, makes the customer journey better and the retailer processes easier. The next and key step though is to get EMV with a proper CVM - rather than implementing it without one.

@ALL - this is NOT an article revisiting

a) EMV - Yes or no?

b) PIN vs SIG

The issue was whether NFC will replace EMV - which is nonsence as they are different things as the anonymous contributor quite eloquently showed above with the definitions (but spoiled it a litlle with the quotes from a rather discreditable Cambridge research piece).